GraniteSslConnectorFactory AEM 6.3

Mahesh_Vikram
Level 3

17-01-2018

Hi All,

Need some info on com.adobe.granite.jetty.ssl.internal.GraniteSslConnectorFactory?

Has anyone got this "Bleichenbacher Oracle (ROBOT) Vulnerability"? If yes, then how does this affect AEM?

The fix we got is to disable any ciphers that begin with TLS_RSA on all the instances.

I see by default we get four cipher entries starting with TLS_RSA*, disabling it an better idea.

Thanks,

Vikii

Replies

kautuk_sahni
Community Manager

31-01-2018

Jörg Hoh, can you help here?

Jörg_Hoh
Employee

31-01-2018

If it's security related, I would recommend raising a ticket with Adobe support and letting them confirm.

This vulnerability is related to a TLS cipher which is vulnerable. You can enable or disable specific cipher suites in the OSGi config of Jetty (see the fields "Included cipher suites" and "Excluded cipher suites"). You should be able to disable the affected cipher suite here.

Jörg

Mahesh_Vikram
Level 3

01-02-2018

Hi Jorg,

We have disabled all the cipher suites starting with TLS_RSA*.

I have two questions here.

1. What are these cipher suites?

2. Disabling TLS_RSA*, will this affect anything?

Thanks,

viki

Jörg_Hoh
Employee

02-02-2018

This is not specific to AEM and not even specific to Java, but a very broad concept. Check Wikipedia for it [1].

[1] Cipher suite - Wikipedia
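
The following added example, which is not part of the thread or of AEM, splits cipher suite names into key exchange, authentication and cipher parts and lists the suites that use RSA key exchange, which is what the TLS_RSA prefix discussed above denotes. The function names and the sample suite list are assumptions constructed for illustration.

```python
# Added example (not from the thread): classify cipher suite names by key exchange.
# ROBOT concerns RSA key exchange (RSA-encrypted premaster secret), which is what
# the TLS_RSA_WITH_* names denote; in (EC)DHE_RSA suites RSA is only the signature.

def parse_suite(name):
    """Split a suite name into key exchange, authentication and cipher/MAC."""
    prefix, _, rest = name.partition("_")
    if prefix not in ("TLS", "SSL") or not rest:
        raise ValueError(f"not a cipher suite name: {name!r}")
    if "_WITH_" not in rest:
        # TLS 1.3 style name or signalling value: no RSA key exchange involved.
        return {"kx": None, "auth": None, "cipher": rest}
    left, cipher = rest.split("_WITH_", 1)
    parts = [p for p in left.split("_") if p != "EXPORT"]
    # A lone "RSA" means RSA does both key exchange and authentication.
    return {"kx": parts[0], "auth": parts[-1], "cipher": cipher}

def uses_rsa_key_exchange(name):
    return parse_suite(name)["kx"] == "RSA"

def plan_exclusions(enabled):
    """Return (exclude, keep); refuse a plan that leaves no suite enabled."""
    exclude = [s for s in enabled if uses_rsa_key_exchange(s)]
    keep = [s for s in enabled if not uses_rsa_key_exchange(s)]
    if not keep:
        raise RuntimeError("excluding RSA key exchange leaves no cipher suites")
    return exclude, keep

# Constructed sample list, not taken from any real AEM instance.
SAMPLE_ENABLED = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",   # JSSE legacy name; a TLS_RSA* glob misses it
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    exclude, keep = plan_exclusions(SAMPLE_ENABLED)
    print("Exclude (RSA key exchange):")
    for s in exclude:
        print("  ", s)
    print("Still enabled:")
    for s in keep:
        print("  ", s, parse_suite(s))
```

Clients that only offer RSA key exchange suites will fail the handshake once these are excluded, so the suites that remain enabled are worth checking against the clients that need to connect.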